Data protection

1. Responsible person

Controller within the meaning of the General Data Protection Regulation (GDPR):

MRM Jewellery
Mariam Benkarroum
Feldstraße 10
61440 Oberursel (Taunus)
Germany

E-mail: mrm.oneconcept@gmail.com
Telephone: 0162 3972445


2. General Information

We appreciate your interest in our online shop. Protecting your personal data is important to us. We only process personal data in accordance with legal regulations, in particular the GDPR.

This privacy policy informs you about what personal data we collect, how we use it and what rights you have.


3. Legal basis for processing

We process personal data on the following legal bases:

  • Article 6 paragraph 1 letter a GDPR – Consent

  • Article 6 paragraph 1 letter b GDPR – Contract fulfillment

  • Article 6 paragraph 1 letter c GDPR – legal obligation

  • Article 6 paragraph 1 letter f GDPR – legitimate interest


4. Hosting & shop system (Shopify)

Our online shop is powered by Shopify Inc. or Shopify International Ltd. operated.

Shopify processes personal data on our behalf, in particular:

  • name

  • Billing and delivery address

  • Payment information

  • IP address

  • Order and usage data

Shopify acts as Data processor pursuant to Art. 28 GDPR .
Data may be transferred to third countries (e.g., Canada or the USA). This is done on the basis of Standard Contractual Clauses of the EU Commission .

Further information: Shopify Privacy Policy.


5. Collection of personal data

We process the following data in particular:

  • Contact details: Name, address, email, telephone number

  • Order details: Products, prices, payment status

  • Payment details: via payment service providers (we do not store all data)

  • Usage data: IP address, browser, access times

  • Communication data: Inquiries via email or contact form


6. Purpose of processing

The processing is carried out for the following purposes:

  • Contract processing and delivery

  • Payment processing

  • Customer service

  • Sending transactional emails

  • Newsletter and marketing (only with consent)

  • Security and fraud prevention

  • Optimization of our online shop


7. Payment service providers

Depending on the payment method chosen, we will forward necessary data to payment service providers (e.g. Shopify Payments, PayPal, Klarna).

The processing is carried out for the purpose of fulfilling the contract in accordance with Article 6 paragraph 1 letter b GDPR .


8th Newsletter

When you subscribe to our newsletter, we process your email address and, if applicable, your name based on your Consent (Art. 6 para. 1 lit. a GDPR) .

Registration takes place in Double opt-in procedure .

Shipping is handled by a shipping service provider (e.g., Shopify Email or Klaviyo), which acts as Data processor pursuant to Art. 28 GDPR is active.

You can unsubscribe from the newsletter at any time via the unsubscribe link in every email.


9. Cookies & Consent Management

We use cookies and similar technologies.

  • Technically necessary cookies:
    Legal basis: Art. 6 para. 1 lit. f GDPR

  • Analytics & marketing cookies:
    Legal basis: Art. 6 para. 1 lit. a GDPR (consent)

Consent is obtained via our Cookie banner (e.g. Shopify Consent / Cookiebot) and can be revoked at any time.


10. Instagram & Facebook (Meta)

We use services of Meta Platforms Ireland Ltd. , 4 Grand Canal Square, Dublin 2, Ireland (Instagram & Facebook).

Personal data (e.g., IP address, usage behavior) may be processed in this process.

The usage takes place only with your consent (Art. 6 para. 1 lit. a GDPR) .

There is a joint responsibility pursuant to Art. 26 GDPR .
Data transfers to the USA are based on... Standard contractual clauses .


11. Data Sharing

Your data will only be shared:

  • to data processors

  • for the fulfillment of the contract

  • due to legal obligations

  • with your express consent


12. Storage duration

Personal data will only be stored for as long as is necessary for the aforementioned purposes or as required by law.


13. Rights of data subjects

You have the following rights:

  • Right of access (Art. 15 GDPR)

  • Rectification (Art. 16 GDPR)

  • Erasure (Art. 17 GDPR)

  • Restriction (Art. 18 GDPR)

  • Data portability (Art. 20 GDPR)

  • Right to object (Art. 21 GDPR)

  • Revocation of granted consent


14. Right of appeal

You have the right to lodge a complaint with a data protection supervisory authority.


15. Data security

We take technical and organizational measures to protect your data from loss, manipulation and unauthorized access.


16. Changes to this Privacy Policy

We reserve the right to amend this privacy policy to reflect legal or technical changes.


17. Contact

For questions regarding data protection, please contact:

MRM Jewellery
E-mail: mrm.oneconcept@gmail.com
Telephone: 01623972445